registry  /  rea-agents  /  0.5.0

rea-agents@0.5.0

Reverse engineer anything from your terminal or coding agent with one CLI and MCP server.

Static Scan Results

scanned 21h ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 12 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 127 file(s), 680 KB of source, external domains: 127.0.0.1, raw.githubusercontent.com, www.hopperapp.com

Source & flagged code

4 flagged · loading source
dist/application/BinarySession.jsView file
90importEvidenceBundle(bundle) { L91: return this.#evidence.import(bundle); L92: }
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/application/BinarySession.jsView on unpkg · L90
dist/application/LinuxHopper.jsView file
1import { createHash } from "node:crypto"; L2: import { execFile } from "node:child_process"; L3: import { access, mkdtemp, readFile, rm, writeFile } from "node:fs/promises"; ... L8: const execFileAsync = promisify(execFile); L9: const RELEASES_URL = "https://www.hopperapp.com/include/files-api.php?request=releases&public=true"; L10: const DOWNLOAD_PREFIX = "https://www.hopperapp.com:443/downloader/public/"; ... L104: ok: response.ok, L105: bytes: new Uint8Array(await response.arrayBuffer()), L106: }; ... L114: const linked = await execFileAsync("ldd", [path]); L115: return linuxSharedLibrariesAvailable(`${linked.stdout}\n${linked.stderr}`); L116: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/application/LinuxHopper.jsView on unpkg · L1
bridge/hopper_bridge.pyView file
path = bridge/hopper_bridge.py kind = build_helper sizeBytes = 31541 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bridge/hopper_bridge.pyView on unpkg
dist/hopper/BridgeLauncher.jsView file
matchType = previous_version_dangerous_delta matchedPackage = rea-agents@0.4.0 matchedIdentity = npm:cmVhLWFnZW50cw:0.4.0 similarity = 0.883 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/hopper/BridgeLauncher.jsView on unpkg

Findings

1 High5 Medium6 Low
HighPrevious Version Dangerous Deltadist/hopper/BridgeLauncher.js
MediumDynamic Requiredist/application/BinarySession.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperbridge/hopper_bridge.py
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/application/LinuxHopper.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings